* Maximiliano Curia [Sun, 30 Nov 2008 12:08:13 -0200]:

> Hello Nico Golde!

Hello Maxi!

> On 30/11/2008 at 10:44 you wrote:
> > Hi,
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for tkman some time ago.

> > CVE-2008-5137[0]:
> > | tkman in tkman 2.2 allows local users to overwrite arbitrary files via
> > | a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary
> > | file.

> > Unfortunately the vulnerability described above is not important enough
> > to get it fixed via regular security update in Debian stable. It does
> > not warrant a DSA.

> > However it would be nice if this could get fixed via a regular point
> > update[1].
> > Please contact the release team for this.

> > This is an automatically generated mail, in case you are already working on
> > an upgrade this is of course pointless.

> > For further information:
> > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5137
> > [1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

> I've just uploaded a patched version (2.2-4), I'll be happy if someone reviews
> the patch.

Oh, I see that upload was to unstable, which is great for Lenny, but I
think Nico meant an upload to stable-proposed-updates. Do that if you
wish.

Cheers,

-- 
Adeodato Simó                                     dato at net.com.org.es
Debian Developer                                  adeodato at debian.org

Listening to: Pet Shop Boys - Jealousy
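
The temp-file pattern named in the CVE text quoted above, next to two safer ways to create the file, as an added example (not tkman's code and not the 2.2-4 patch, which this thread does not show). The function names are hypothetical, and everything runs in a private scratch directory standing in for /tmp.

```shell
#!/bin/sh
# Constructed demo. The file names "ll" and "tkman.XXXXXX" are assumptions
# modeled on the names in the CVE description, not taken from tkman's source.

# Pattern behind the CVE: a fixed, guessable name opened with plain ">".
# If the name is already a symlink, the write lands on the link's target.
write_predictable() {   # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/ll"
}

# Preferred fix: mktemp(1) picks an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-planted link is never followed.
write_mktemp() {        # $1 = directory, $2 = data; prints the new path
    f=$(mktemp "$1/tkman.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# When the name must stay fixed: noclobber (set -C) makes the redirection
# fail if the name already exists, instead of writing through it.
write_noclobber() {     # $1 = directory, $2 = data
    ( set -C; printf '%s\n' "$2" > "$1/ll" ) 2>/dev/null
}

# Build a scratch directory where "ll" already links to another file, run
# one writer, and report what that other file contains afterwards.
victim_after() {        # $1 = name of the writer function to exercise
    d=$(mktemp -d) || return 1
    printf 'important\n' > "$d/victim"
    ln -s "$d/victim" "$d/ll"
    "$1" "$d" "scratch data" >/dev/null 2>&1 || true
    cat "$d/victim"
    rm -rf "$d"
}

for w in write_predictable write_mktemp write_noclobber; do
    printf '%-18s linked file now contains: %s\n' "$w" "$(victim_after "$w")"
done
```

Only `write_predictable` changes the linked file; the other two leave it intact, and `write_noclobber` additionally reports failure so the caller can react.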